Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to determine supportedLDAPVersion #105

Closed
iromli opened this issue Dec 14, 2015 · 4 comments
Closed

Failed to determine supportedLDAPVersion #105

iromli opened this issue Dec 14, 2015 · 4 comments

Comments

@iromli
Copy link

iromli commented Dec 14, 2015

In Community Edition, there's new LDAP config value to reject unauthenticated requests:

['set-global-configuration-prop', '--set', 'reject-unauthenticated-requests:true']

As the result, oxAuth throws error in startup process.

To reproduce this issue, one can use 2 scenarios:

1) Deploy LDAP with reject-unauthenticated-requests:true config

Logs from oxauth.log:

2015-12-14 16:13:56,902 INFO  [org.jboss.seam.Component] Component: xmlService, scope: APPLICATION, type: JAVA_BEAN, class: org.xdi.service.XmlService
2015-12-14 16:13:56,904 WARN  [org.jboss.seam.security.permission.PersistentPermissionResolver] no permission store available - please install a Permis
sionStore with the name 'org.jboss.seam.security.jpaPermissionStore' if persistent permissions are required.
2015-12-14 16:13:56,993 INFO  [org.xdi.oxauth.model.util.JwtUtil] Adding Bouncy Castle Provider
2015-12-14 16:13:57,422 ERROR [org.gluu.site.ldap.LDAPConnectionProvider] Failed to determine supportedLDAPVersion
LDAPSearchException(resultCode=53 (unwilling to perform), numEntries=0, numReferences=0, errorMessage='Rejecting the requested operation  because the c
onnection has not been authenticated')
        at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3112)
        at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1422)
        at com.unboundid.ldap.sdk.RootDSE.getRootDSE(RootDSE.java:264)
        at com.unboundid.ldap.sdk.LDAPConnection.getRootDSE(LDAPConnection.java:1320)
        at com.unboundid.ldap.sdk.AbstractConnectionPool.getRootDSE(AbstractConnectionPool.java:438)
        at org.gluu.site.ldap.LDAPConnectionProvider.determineSupportedLdapVersion(LDAPConnectionProvider.java:140)
        at org.gluu.site.ldap.LDAPConnectionProvider.init(LDAPConnectionProvider.java:129)
        at org.gluu.site.ldap.LDAPConnectionProvider.<init>(LDAPConnectionProvider.java:59)
        at org.xdi.service.ldap.LdapConnectionService.<init>(LdapConnectionService.java:21)
        at org.xdi.oxauth.service.AppInitializer.createConnectionProvider(AppInitializer.java:335)
        at org.xdi.oxauth.service.AppInitializer.createBindConnectionProvider(AppInitializer.java:341)
        at org.xdi.oxauth.service.AppInitializer.createConnectionProvider(AppInitializer.java:273)
        at org.xdi.oxauth.service.AppInitializer.createApplicationComponents(AppInitializer.java:106)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
        at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
        at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.async.AsynchronousInterceptor.aroundInvoke(AsynchronousInterceptor.java:52)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
        at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
        at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
        at org.xdi.oxauth.service.AppInitializer_$$_javassist_seam_1.createApplicationComponents(AppInitializer_$$_javassist_seam_1.java)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
        at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
        at org.jboss.seam.Component.callComponentMethod(Component.java:2275)
        at org.jboss.seam.Component.callCreateMethod(Component.java:2198)
        at org.jboss.seam.Component.newInstance(Component.java:2158)
        at org.jboss.seam.contexts.Contexts.startup(Contexts.java:304)
        at org.jboss.seam.contexts.Contexts.startup(Contexts.java:278)
        at org.jboss.seam.contexts.ServletLifecycle.endInitialization(ServletLifecycle.java:143)
        at org.jboss.seam.init.Initialization.init(Initialization.java:744)
        at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:677)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1942)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
2015-12-14 16:13:57,425 INFO  [org.xdi.oxauth.model.config.ConfigurationFactory] Loading configuration from LDAP...                           [48/1927]
2015-12-14 16:13:57,555 DEBUG [org.xdi.oxauth.service.AppInitializer] Created ldapEntryManager: org.gluu.site.ldap.persistence.LdapEntryManager@3a00ad7
c
2015-12-14 16:13:57,790 INFO  [org.xdi.oxauth.model.config.ConfigurationFactory] Configuration loaded successfully.
2015-12-14 16:13:58,034 ERROR [org.gluu.site.ldap.LDAPConnectionProvider] Failed to determine supportedLDAPVersion
LDAPSearchException(resultCode=53 (unwilling to perform), numEntries=0, numReferences=0, errorMessage='Rejecting the requested operation  because the c
onnection has not been authenticated')
        at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3112)
        at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1422)
        at com.unboundid.ldap.sdk.RootDSE.getRootDSE(RootDSE.java:264)
        at com.unboundid.ldap.sdk.LDAPConnection.getRootDSE(LDAPConnection.java:1320)
        at com.unboundid.ldap.sdk.AbstractConnectionPool.getRootDSE(AbstractConnectionPool.java:438)
        at org.gluu.site.ldap.LDAPConnectionProvider.determineSupportedLdapVersion(LDAPConnectionProvider.java:140)
        at org.gluu.site.ldap.LDAPConnectionProvider.init(LDAPConnectionProvider.java:129)
        at org.gluu.site.ldap.LDAPConnectionProvider.<init>(LDAPConnectionProvider.java:59)
        at org.xdi.service.ldap.LdapConnectionService.<init>(LdapConnectionService.java:21)
        at org.xdi.oxauth.service.AppInitializer.createConnectionProvider(AppInitializer.java:335)
        at org.xdi.oxauth.service.AppInitializer.createBindConnectionProvider(AppInitializer.java:341)
        at org.xdi.oxauth.service.AppInitializer.createAuthConnectionProviders(AppInitializer.java:300)
        at org.xdi.oxauth.service.AppInitializer.createAuthConnectionProviders(AppInitializer.java:282)
        at org.xdi.oxauth.service.AppInitializer.createApplicationComponents(AppInitializer.java:111)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
        at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)                                              [22/1927]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
        at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.async.AsynchronousInterceptor.aroundInvoke(AsynchronousInterceptor.java:52)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
        at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
        at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
        at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
        at org.xdi.oxauth.service.AppInitializer_$$_javassist_seam_1.createApplicationComponents(AppInitializer_$$_javassist_seam_1.java)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
        at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
        at org.jboss.seam.Component.callComponentMethod(Component.java:2275)
        at org.jboss.seam.Component.callCreateMethod(Component.java:2198)
        at org.jboss.seam.Component.newInstance(Component.java:2158)
        at org.jboss.seam.contexts.Contexts.startup(Contexts.java:304)
        at org.jboss.seam.contexts.Contexts.startup(Contexts.java:278)
        at org.jboss.seam.contexts.ServletLifecycle.endInitialization(ServletLifecycle.java:143)
        at org.jboss.seam.init.Initialization.init(Initialization.java:744)
        at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:677)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1942)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
2015-12-14 16:13:58,136 INFO  [org.xdi.oxauth.model.common.AuthorizationGrantList] Created LDAP authorization grant list
2015-12-14 16:13:58,156 INFO  [org.jboss.seam.resteasy.ResteasyBootstrap] bootstrapping JAX-RS application
2015-12-14 16:13:58,190 INFO  [org.jboss.seam.resteasy.ResteasyBootstrap] registering built-in RESTEasy providers
2015-12-14 16:13:58,435 INFO  [org.xdi.oxauth.service.uma.RPTManager] Created LDAP UMA RPT manager
2015-12-14 16:13:58,441 INFO  [org.xdi.oxauth.service.uma.ResourceSetPermissionManager] Created LDAP UMA resource set manager
2015-12-14 16:13:58,446 DEBUG [org.xdi.oxauth.service.CleanerTimer] Initializing CleanerTimer
2015-12-14 16:13:58,458 DEBUG [org.xdi.oxauth.service.KeyGeneratorTimer] Initializing KeyGeneratorTimer
2015-12-14 16:13:59,179 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.hotDeployFilter
2015-12-14 16:13:59,179 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.redirectFilter
2015-12-14 16:13:59,179 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.exceptionFilter
2015-12-14 16:13:59,179 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.multipartFilter
2015-12-14 16:13:59,179 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.identityFilter
2015-12-14 16:13:59,180 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.authenticationFilter
2015-12-14 16:13:59,180 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.loggingFilter
2015-12-14 16:13:59,180 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.rewriteFilter
2015-12-14 16:14:58,492 DEBUG [org.xdi.oxauth.service.AppInitializer] Created ldapAuthEntryManager1: org.gluu.site.ldap.persistence.LdapEntryManager@2e
acd66d

2) LDAP without reject-unauthenticated-requests:true config

Logs from oxauth.log:

2015-12-14 16:05:41,863 INFO  [org.jboss.seam.Component] Component: xmlService, scope: APPLICATION, type: JAVA_BEAN, class: org.xdi.service.XmlService
2015-12-14 16:05:41,866 WARN  [org.jboss.seam.security.permission.PersistentPermissionResolver] no permission store available - please install a Permis
sionStore with the name 'org.jboss.seam.security.jpaPermissionStore' if persistent permissions are required.
2015-12-14 16:05:41,992 INFO  [org.xdi.oxauth.model.util.JwtUtil] Adding Bouncy Castle Provider
2015-12-14 16:05:42,216 INFO  [org.xdi.oxauth.model.config.ConfigurationFactory] Loading configuration from LDAP...
2015-12-14 16:05:42,342 DEBUG [org.xdi.oxauth.service.AppInitializer] Created ldapEntryManager: org.gluu.site.ldap.persistence.LdapEntryManager@b9f50bc
2015-12-14 16:05:42,580 INFO  [org.xdi.oxauth.model.config.ConfigurationFactory] Configuration loaded successfully.
2015-12-14 16:05:42,776 INFO  [org.xdi.oxauth.model.common.AuthorizationGrantList] Created LDAP authorization grant list
2015-12-14 16:05:42,797 INFO  [org.jboss.seam.resteasy.ResteasyBootstrap] bootstrapping JAX-RS application
2015-12-14 16:05:42,829 INFO  [org.jboss.seam.resteasy.ResteasyBootstrap] registering built-in RESTEasy providers
2015-12-14 16:05:43,184 INFO  [org.xdi.oxauth.service.uma.RPTManager] Created LDAP UMA RPT manager
2015-12-14 16:05:43,198 INFO  [org.xdi.oxauth.service.uma.ResourceSetPermissionManager] Created LDAP UMA resource set manager
2015-12-14 16:05:43,206 DEBUG [org.xdi.oxauth.service.CleanerTimer] Initializing CleanerTimer
2015-12-14 16:05:43,220 DEBUG [org.xdi.oxauth.service.KeyGeneratorTimer] Initializing KeyGeneratorTimer
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.hotDeployFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.redirectFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.exceptionFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.multipartFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.identityFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.authenticationFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.loggingFilter
2015-12-14 16:05:44,189 INFO  [org.jboss.seam.servlet.SeamFilter] Initializing filter: org.jboss.seam.web.rewriteFilter
@iromli
Copy link
Author

iromli commented Dec 14, 2015

Anyway, I'm using latest oxAuth war (v2.4.1, built Dec 12th, 2015).

@yurem
Copy link
Contributor

yurem commented Dec 14, 2015

Can you try to check this on latest v2.4.1 (built today - Dec 14th, 2015)

@iromli
Copy link
Author

iromli commented Dec 14, 2015

Yes, I can do that. I will share the test result.

@iromli
Copy link
Author

iromli commented Dec 14, 2015

@yurem Yes, it's fixed in latest build.

2015-12-14 18:09:14,676 INFO  [org.jboss.seam.Component] Component: xmlService, scope: APPLICATION, type: JAVA_BEAN, class: org.xdi.service.XmlService
2015-12-14 18:09:14,679 WARN  [org.jboss.seam.security.permission.PersistentPermissionResolver] no permission store available - please install a PermissionStore with the name 'org.jboss.seam.security.jpaPermissionStore' if persistent permissions are required.
2015-12-14 18:09:14,803 INFO  [org.xdi.oxauth.model.util.JwtUtil] Adding Bouncy Castle Provider
2015-12-14 18:09:15,063 INFO  [org.xdi.oxauth.model.config.ConfigurationFactory] Loading configuration from LDAP...
2015-12-14 18:09:15,184 DEBUG [org.xdi.oxauth.service.AppInitializer] Created ldapEntryManager: org.gluu.site.ldap.persistence.LdapEntryManager@75f92fac
2015-12-14 18:09:15,436 INFO  [org.xdi.oxauth.model.config.ConfigurationFactory] Configuration loaded successfully.
2015-12-14 18:09:15,638 INFO  [org.xdi.oxauth.model.common.AuthorizationGrantList] Created LDAP authorization grant list
2015-12-14 18:09:15,660 INFO  [org.jboss.seam.resteasy.ResteasyBootstrap] bootstrapping JAX-RS application
2015-12-14 18:09:15,693 INFO  [org.jboss.seam.resteasy.ResteasyBootstrap] registering built-in RESTEasy providers
2015-12-14 18:09:15,927 INFO  [org.xdi.oxauth.service.uma.RPTManager] Created LDAP UMA RPT manager
2015-12-14 18:09:15,934 INFO  [org.xdi.oxauth.service.uma.ResourceSetPermissionManager] Created LDAP UMA resource set manager
2015-12-14 18:09:15,944 DEBUG [org.xdi.oxauth.service.CleanerTimer] Initializing CleanerTimer
2015-12-14 18:09:15,951 DEBUG [org.xdi.oxauth.service.KeyGeneratorTimer] Initializing KeyGeneratorTimer

Thanks.

@iromli iromli closed this as completed Dec 14, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iromli @yurem